Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ovmf for openSUSE:Factory checked in 
at 2024-08-13 13:22:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ovmf (Old)
 and      /work/SRC/openSUSE:Factory/.ovmf.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ovmf"

Tue Aug 13 13:22:01 2024 rev:104 rq:1193325 version:202402

Changes:
--------
--- /work/SRC/openSUSE:Factory/ovmf/ovmf.changes        2024-07-17 
15:14:10.567937207 +0200
+++ /work/SRC/openSUSE:Factory/.ovmf.new.7232/ovmf.changes      2024-08-13 
13:22:06.979427257 +0200
@@ -1,0 +2,19 @@
+Mon Aug 12 05:46:00 UTC 2024 - Joey Lee <j...@suse.com>
+
+- Add ovmf-x86_64-sev flavor to X64 against AMD SEV.
+    - Moved "-D SECURE_BOOT_ENABLE" from OVMF_FLAGS to EXTRA_FLAGS_X64,
+      , BUILD_OPTIONS_X86, BUILD_OPTIONS_AA64 and BUILD_OPTIONS_RV64
+      because SEV can NOT work with secure boot.
+- Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
+  because the SEV ovmf be separated from X64 ovmf as an independent flavor.
+    - The original patch reverts "58eb8517ad OvmfPkg/PlatformPei: Update 
+      ReserveEmuVariableNvStore" which affects all ovmf flavor.
+    - The secure boot be disabled in SEV flavor, so we do not need revert
+      58eb8517ad anymore. (bsc#1209266)
+- Add 50-ovmf-x86_64-sev.json to descriptors.tar.xz for SEV flavor
+    - Removed features tag:
+      "acpi-s3", "requires-smm", "secure-boot", "enrolled-keys"
+    - Add features tag:
+      "amd-sev", "amd-sev-es", "amd-sev-snp"
+
+-------------------------------------------------------------------

Old:
----
  ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch

BETA DEBUG BEGIN:
  Old:      because SEV can NOT work with secure boot.
- Removed ovmf-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
  because the SEV ovmf be separated from X64 ovmf as an independent flavor.
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ovmf.spec ++++++
--- /var/tmp/diff_new_pack.iwX0ys/_old  2024-08-13 13:22:08.087473422 +0200
+++ /var/tmp/diff_new_pack.iwX0ys/_new  2024-08-13 13:22:08.091473589 +0200
@@ -63,8 +63,6 @@
 Patch8:         
%{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
 # Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade
 Patch9:         %{name}-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch
-# Bug 1209266 - OVMF firmware hangs when booting SEV or SEV-ES guest
-Patch10:        
%{name}-Revert-OvmfPkg-PlatformPei-Update-ReserveEmuVariable.patch
 # Bug 1219024 - SVVP test Check SMBIOS Table Specific Requirements fails
 Patch11:        
%{name}-OvmfPkg-SmbiosPlatformDxe-tweak-fallback-release-dat.patch
 # Bug 1217704 - ovmf: reproducible builds problem in ovmf-riscv64-code.bin
@@ -231,7 +229,6 @@
 
 # For some reason ARM still uses TPM2_CONFIG_ENABLE
 OVMF_FLAGS=" \
-       -D SECURE_BOOT_ENABLE \
        -D TPM2_ENABLE \
        -D TPM2_CONFIG_ENABLE \
        -D NETWORK_IP6_ENABLE \
@@ -250,6 +247,7 @@
 BUILD_OPTIONS_X86=" \
        $OVMF_FLAGS \
        -D FD_SIZE_2MB \
+       -D SECURE_BOOT_ENABLE \
        -D BUILD_SHELL=FALSE \
        -a IA32 \
        -p OvmfPkg/OvmfPkgIa32.dsc \
@@ -257,8 +255,10 @@
        -t $TOOL_CHAIN \
 "
 
-# Flavors for x86_64: 2MB, 4MB, and 4MB+SMM
-FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm")
+# Flavors for x86_64: 2MB, 4MB, 4MB+SMM and AMD SEV
+FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm" 
"ovmf-x86_64-sev")
+# Flavors will NOT enroll default kek/db keys
+FLAVORS_X64_SKIP_SB_KEY=("ovmf-x86_64-sev")
 BUILD_OPTIONS_X64=" \
        $OVMF_FLAGS \
        -D BUILD_SHELL=FALSE \
@@ -271,6 +271,7 @@
 FLAVORS_AA64=("aavmf-aarch64")
 BUILD_OPTIONS_AA64=" \
        $OVMF_FLAGS \
+       -D SECURE_BOOT_ENABLE \
        -D NETWORK_TLS_ENABLE \
        -a AARCH64 \
        -p ArmVirtPkg/ArmVirtQemu.dsc \
@@ -291,6 +292,7 @@
 FLAVORS_RV64=("riscv")
 BUILD_OPTIONS_RV64=" \
        $OVMF_FLAGS \
+       -D SECURE_BOOT_ENABLE \
        -a RISCV64 \
        -p OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc \
        -b DEBUG \
@@ -352,15 +354,17 @@
 
 declare -A EXTRA_FLAGS_X64
 EXTRA_FLAGS_X64=(
-       [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB"
-       [ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D 
NETWORK_TLS_ENABLE"
-       [ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB 
-D NETWORK_TLS_ENABLE -D SMM_REQUIRE"
+       [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_2MB -D 
SECURE_BOOT_ENABLE"
+       [ovmf-x86_64-4m]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D 
NETWORK_TLS_ENABLE -D SECURE_BOOT_ENABLE"
+       [ovmf-x86_64-smm]="-a IA32 -p OvmfPkg/OvmfPkgIa32X64.dsc -D FD_SIZE_4MB 
-D NETWORK_TLS_ENABLE -D SMM_REQUIRE -D SECURE_BOOT_ENABLE"
+       [ovmf-x86_64-sev]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB -D 
NETWORK_TLS_ENABLE"
 )
 declare -A OUTDIR_X64
 OUTDIR_X64=(
        [ovmf-x86_64]="OvmfX64"
        [ovmf-x86_64-4m]="OvmfX64"
        [ovmf-x86_64-smm]="Ovmf3264"
+       [ovmf-x86_64-sev]="OvmfX64"
 )
 
 %ifnarch x86_64
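Review bot: In `EXTRA_FLAGS_X64`, Secure Boot is now opt-in per flavor, and nothing in the spec says that `[ovmf-x86_64-sev]` leaves out `-D SECURE_BOOT_ENABLE` on purpose; only the changelog explains it. A flavor added later by copying the sev entry would build without Secure Boot and nobody would notice. I would add a comment above `declare -A EXTRA_FLAGS_X64` such as `# SECURE_BOOT_ENABLE is set per flavor; ovmf-x86_64-sev omits it on purpose (bsc#1209266) and must also be listed in FLAVORS_X64_SKIP_SB_KEY`. The same comment ties this table to the skip list in the earlier hunk, since the two have to be kept in sync by hand.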
@@ -491,6 +495,10 @@
        # We only build the variable templates for X64 and AARCH64
        if [ "$ARCH" == "X64" ]; then
                FLAVORS=${FLAVORS_X64[@]}
+               # some flavors should NOT enroll default keys
+               for skip in ${FLAVORS_X64_SKIP_SB_KEY[@]}; do
+                       FLAVORS=("${FLAVORS[@]/$skip}")
+               done
        elif [ "$ARCH" == "AARCH64" ]; then
                FLAVORS=${FLAVORS_AA64[@]}
        fi
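Review bot: The skip loop removes flavors by substring, not by exact name. `FLAVORS=${FLAVORS_X64[@]}` assigns one space-joined string, so `"${FLAVORS[@]/$skip}"` deletes the first match of the unquoted pattern `$skip` anywhere in that string. It works today only because `ovmf-x86_64-sev` is not a prefix of another flavor name. A skip entry like `ovmf-x86_64` would corrupt the other names and change which flavors get a key-enrolled vars template. An exact-match filter that keeps `FLAVORS` a space-separated string, as the AARCH64 branch does, avoids this. The code that consumes `FLAVORS` is outside this hunk, so please confirm it still expects a scalar.

```shell
        if [ "$ARCH" == "X64" ]; then
                # some flavors should NOT enroll default keys (exact-name match)
                FLAVORS=""
                for flavor in "${FLAVORS_X64[@]}"; do
                        case " ${FLAVORS_X64_SKIP_SB_KEY[*]} " in
                                *" $flavor "*) continue ;;
                        esac
                        FLAVORS="$FLAVORS $flavor"
                done
        # … unchanged: AARCH64 branch …
```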


++++++ descriptors.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/descriptors/50-ovmf-x86_64-sev.json 
new/descriptors/50-ovmf-x86_64-sev.json
--- old/descriptors/50-ovmf-x86_64-sev.json     1970-01-01 01:00:00.000000000 
+0100
+++ new/descriptors/50-ovmf-x86_64-sev.json     2024-08-07 10:20:00.571607784 
+0200
@@ -0,0 +1,35 @@
+{
+    "description": "UEFI firmware for x86_64, with AMD SEV",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "executable": {
+            "filename": "@DATADIR@/ovmf-x86_64-sev-code.bin",
+            "format": "raw"
+        },
+        "nvram-template": {
+            "filename": "@DATADIR@/ovmf-x86_64-sev-vars.bin",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "acpi-s4",
+       "amd-sev",
+       "amd-sev-es",
+       "amd-sev-snp",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
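Review bot: The `features` list advertises `amd-sev-snp` while `mapping.device` is `flash` with a separate writable `nvram-template`. Please confirm that combination is actually launchable: as far as I know, QEMU's SEV-SNP path expects the firmware as a single ROM image, not pflash, in which case management tools that match on this tag would select a firmware that cannot start an SNP guest. If only SEV and SEV-ES were tested with this layout, I would drop `"amd-sev-snp"` until a matching descriptor exists. Separately, the three `amd-sev*` lines are indented differently from `"acpi-s4"` and `"verbose-dynamic"` (probably tabs versus spaces), which is worth normalising.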
